
Software ports

A network port is usually a number, and standard network protocols such as TCP, IP and UDP attach a port number to the data they send. A port number is assigned to each message according to the TCP layer requirements. This port (logical reference) number determines the type of service provided. A software network port (an address in the form of a number) is assigned to a service for communication between one program and another program or communication system. This naming system is logical and pertains to services that carry on long-term conversations. A list that specifies the port used by the server process is known as its contact port. A service contact port is defined to provide a specific service to unknown callers. These software network ports also connect internal programs on the same computer. Numbers from 0 to 1023 are used to identify a network service on the internet (Internet Protocol). Each IP packet contains a TCP or UDP header, which directs the data to the appropriate application on the server. Reserved port numbers and unassigned numbers can be used by application programs.
The Internet Assigned Numbers Authority (IANA) registers ports 1024 to 49151 for the convenience of internet continuity. Port numbers from 49151 to 65535 are called dynamic ports and are private. You can look up the IANA for more details on assigned port numbers. The most well-known port is 80, which identifies HTTP traffic for a Web server. The Well Known Ports are assigned by the IANA and on most systems can only be used by system (or root) processes or by programs executed by privileged users. Port numbers are plain unsigned integer values which range up to a value of 65535. Below is a list of well-known ports and their services.

20,21 FTP (File transfer)
22 SSH (Remote login secure)
25 SMTP (Internet mail)
53 DNS (Host naming)
80 HTTP (Web)
88 Kerberos (computer authentication protocol)
110 POP3 (Client access)
119 NNTP (Usenet newsgroups)
123 NTP (Network time)
137-139 NetBIOS (DOS/Windows naming)
143 IMAP (Client access)
161,162 SNMP (Network management)
163,164 CMIP (Network management)
443 HTTPS (Web secure)
514 Syslog (Event logging)
563 NNTPS (Usenet newsgroups secure)
993/tcp IMAP4 over SSL, Internet Message Access Protocol
995/tcp POP3 over SSL, Post Office Protocol
989,990 FTPS (File transfer secure)
1723 Virtual private network (VPN)

IP Addresses

TCP/IP stands for Transmission Control Protocol/Internet Protocol. These protocols are responsible for transporting and managing data across the network. IPv4 requires a 4 byte address to be assigned to each network interface card on every computer in the network, whereas IPv6 assigns a 6 byte address. IP addresses work almost like a house address, without which determining where data packets go would be impossible. Addresses can be assigned automatically by network software such as DHCP (Dynamic Host Configuration Protocol), or by manually entering static addresses into the computer. The part of the IP address that defines the network is the network ID, and the latter part of the IP address, which defines the host address, is the host ID.

Using this port and addressing scheme, the networking system can pass data, addressing information, and type of service information through the hardware, from one computer to another.

VPN Ports
Just as every program on the computer is given a port number, services that connect to the internet are given port numbers too. The port numbers for the various VPN services depend on the software and the protocols being used.

  • PPTP encapsulates packets using GRE (Generic routing protocol), which uses IP port 47. The IANA lists 1723 as the port for VPN. A common mistake in configuring firewalls for use with PPTP is to open port 1723 and close IP port 47. This allows connections to be established but prevents the actual data from passing through the tunnel to the machine. Some software utilities verify that both ports are open so that GRE can be used with PPTP.
  • The L2TP protocol is assigned 115 as its port number.
  • IPSec VPN port assignments cover Encapsulation Security Payload (protocol 50) and Authentication Header (protocol 51), port 88 for Kerberos authentication over TCP/UDP, and port 500 for Internet Security Association and Key Management Protocol over TCP/UDP.
  • SSL VPN for secure HTTP applications uses port 443.
  • MPLS-in-IP uses port 137.
  • Systems that use VPN hardware normally use ports 500, 4500, 10000 and 10001: one for outgoing traffic and the other for incoming traffic.
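The PPTP firewall mistake described in the first bullet can be checked mechanically. The following is an added example, not code from the original page: it reads rules in `iptables-save` format and reports when TCP 1723 is accepted while GRE (47) is not. The two rulesets are constructed samples, and the function names are hypothetical.

```python
import shlex

NUM = {"6": "tcp", "17": "udp", "47": "gre"}   # numeric -p values -> names

def parse_rules(text, chain="INPUT"):
    """Return (default policy, ordered rules) for one chain of iptables-save text."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok and tok[0] == f":{chain}":          # e.g. ":INPUT DROP [0:0]"
            policy = tok[1]
        elif tok[:2] == ["-A", chain]:
            rule = {"proto": None, "dport": None, "target": None}
            for flag, val in zip(tok, tok[1:]):
                if flag == "-p":
                    rule["proto"] = NUM.get(val.lower(), val.lower())
                elif flag == "--dport":
                    rule["dport"] = val
                elif flag == "-j":
                    rule["target"] = val
            rules.append(rule)
    return policy, rules

def verdict(policy, rules, proto, dport=None):
    """First matching ACCEPT/DROP/REJECT rule wins; otherwise the chain policy.
    Simplification: only -p, --dport and -j are interpreted, so rules that also
    match on source, interface or state are treated as matching every packet."""
    for r in rules:
        if r["target"] not in ("ACCEPT", "DROP", "REJECT"):
            continue
        if r["proto"] not in (None, "all", proto):
            continue
        if r["dport"] is not None:
            lo, _, hi = r["dport"].partition(":")   # "1723" or "1720:1725"
            if dport is None or not int(lo) <= dport <= int(hi or lo):
                continue
        return r["target"]
    return policy

def audit_pptp(text):
    """Classify a ruleset by whether both halves of PPTP are allowed in."""
    policy, rules = parse_rules(text)
    control = verdict(policy, rules, "tcp", 1723) == "ACCEPT"
    gre = verdict(policy, rules, "gre") == "ACCEPT"
    if control and not gre:
        return "broken: 1723 open, GRE (47) blocked - tunnel connects, no data"
    return "ok" if control and gre else "pptp not permitted"

# Constructed sample rulesets (not from a real host).
BROKEN = ":INPUT DROP [0:0]\n-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT\n"
FIXED = BROKEN + "-A INPUT -p 47 -j ACCEPT\n"

if __name__ == "__main__":
    print(audit_pptp(BROKEN))
    print(audit_pptp(FIXED))
```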

Hardware ports

Hardware ports are an entirely different concept from software-based network ports. In computer hardware terminology, a port is a hardware connection through which the computer communicates with external devices. These are electrically wired outlets into which external devices are plugged. These ports come in different shapes and sizes. The connectors we use are called male and female connectors, and there are standards for their properties and functions. A keyboard is connected to a keyboard port, a printer is connected to the printer port, and so on. Plug and play devices are connected to the Universal Serial Bus (USB) port. Ports are basically divided into two groups: serial ports and parallel ports. A serial port sends and receives only one bit of data at a time, whereas a parallel port sends and receives multiple bits over a group of wires.

All processors use assembly instructions to access the ports on the motherboard or any add-on boards. The methods for mapping these ports are either hardware I/O or memory-mapped I/O. Hardware I/O is a concept where separate numbers are given to the ports and the devices they connect to. Intel processors generally send one byte of instruction/data to the port, which is used to gain access to the resources of the processor. In memory-mapped I/O there is no separate numbering for the ports; instead they are accessed by the processor as if they were another part of the computer's memory. The number of devices that can be attached to a computer can be increased by various add-on cards. These cards use the various bus interfaces available on the motherboard to increase the number of devices attached to a computer. One such card is the Peripheral Component Interconnect (PCI) card. A technology that combines hardware ports into a single group to enhance bandwidth and fault tolerance is known as hardware port trunking. This is similar to software port trunking, which combines two agents that may be websites or channels.

For the many hardware devices in the VPN market, a large number of ports refers to the number of simultaneous hardware connections that can be made. This enhances the speed and performance of the system, especially for huge enterprises that want video conferencing and voice over the VPN.

Setting VPN ports for a network is a bit complex when you have no knowledge of the protocols or of the encryption and authentication techniques they use. Some software lets you configure them properly; with other software you may not be able to, for example the Microsoft VPN port. When VPN hardware is used for a client, the process is easy, as with a Cisco VPN port. For a LAN and for huge networks, the administrator also has to set privileges and configure the firewall. This process is necessary for proper security.